Author Topic: Threatcast - Option or Permanent Addition to Comodo Firewall  (Read 18149 times)

Offline searchlight4759

  • Newbie
  • *
  • Posts: 15
Threatcast - Option or Permanent Addition to Comodo Firewall
« on: March 21, 2008, 11:25:38 PM »
I am currently using the latest version of Comodo PFW on my PC, and it is stable and working smoothly with all of my programs.

Since Threatcast will be a new feature, and the database has not yet been established until people use it enough,  will it be a feature that will be incorporated into the next stable version of Comodo and permanently on, or an optional feature that can be turned off until it is proven that the database is accurate and quite comprehensive?

Like a previous reviewer stated, I would be more content if there was a known security recommendation concerning a program coming from a Comodo security expert combined with what action people took with the program.

Not everyone is familiar with different programs, and some might accidentally accept the alert action when they should have rejected the program. I would hate to see that because 5 people said yes, and 2 said no, that the recommendation would be to accept the program by Comodo PFW when in fact the program was malicious or some type of trojan.

Any thoughts?
« Last Edit: March 21, 2008, 11:29:54 PM by searchlight4759 »

Offline Info-Sec

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 605
Re: Threatcast - Option or Permanent Addition to Comodo Firewall
« Reply #1 on: March 21, 2008, 11:41:01 PM »
Honestly, I think it should be an option.  I like it when im alerted about most things.
*Vista *CFP V3 *Avira * Avast *Spyware Doctor
*XP *Zone Alarm PRO *NOD32 V2.7 *Spysweeper

Offline searchlight4759

  • Newbie
  • *
  • Posts: 15
Re: Threatcast - Option or Permanent Addition to Comodo Firewall
« Reply #2 on: March 22, 2008, 12:00:15 AM »
I agree with you. I like to be alerted as well but my concern is with the quality of the alert.

I do not think most people like to be interrupted incessantly with pop-up messages unless it is something critical but the premise here is for the user to make an informed decision, and the question is whether most users are competent enough from a security standpoint to make the right decision concerning a particular program's access rights or permissions.

I am honestly NOT a security expert, so I appreciate it when the firewall that I am using provides a recommendation that I know came from a trusted source.

On the other hand, will Comodo experts filter the data supplied? In other words, are there mechanisms in place that will determine whether people made the proper decisions before it is entered into the database?
« Last Edit: March 22, 2008, 12:30:09 AM by searchlight4759 »

Offline xiuhcoatl

  • Unaffiliated Forum Volunteer
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 911
Re: Threatcast - Option or Permanent Addition to Comodo Firewall
« Reply #3 on: March 22, 2008, 12:20:45 AM »
I hope this is an option you can activate or disactivate.  And also I think that at least at first there should be some filtering by Comodo but it does not looked to be designed for this.  The snap shots just show how many alerts CFP has detected and the ratio/number of users who have chosen each option Allow/Block.

 No I don't think most users can be trusted to make the correct decision Nut we will have to see how this works out.
and you do not have to be a lemming ifyou chose not to be one.

OD
When things go wrong, and they usually will,and your daily road, seems all uphill, when machines are down,and tempers high, when you try to smile, but can only cry,and you really feel you'd like to quit, don't run to me I don't give a sh*t.
(A semi retired systems analyst's credo)

Offline Goose19

  • Comodo's Hero
  • *****
  • Posts: 1218
Re: Threatcast - Option or Permanent Addition to Comodo Firewall
« Reply #4 on: March 22, 2008, 12:57:27 AM »
I believe it is a GREAT idea for newbie CFP users. But Personally i like the pop ups it makes me feel secure to know that my firewall is truly doing what it is meant to do. I'd honestly feel that my computer is Vulnerable if i didn't have those pop ups  (L)
System Specs:  Pentium 4 with HT 3.06 Ghz,  1.5GB RAM, 160 GB WDC HD, Nvidia Geforce 7600GT 256MB DDR3



New Build: AMD Athlon 64 x2 6000 3.1 Ghz  4 Gb RAM 320GB WDC Hard Drive 650 watt quad rail Power supply(overkill :D) 9500GT Hybrid SLi with 8200 (onboard video) Decent Gaming rig :)

Offline searchlight4759

  • Newbie
  • *
  • Posts: 15
Re: Threatcast - Option or Permanent Addition to Comodo Firewall
« Reply #5 on: March 22, 2008, 01:20:00 AM »
I want to thank all of you who have replied to my posting so far but I wish to clarify my topic.

I did not wish to imply that pop-up alerts should be disabled. By all means they should be enabled unless the user does not wish to receive them.

My topic has to do with having an option to disable Threatcast at this time. Since this is a new service, and the database needs to be built, I would be more content if CPFW provided a pop-up, an alert that also contained a recommendation as to whether I should accept or deny/block a program based on a recommendation by a Comodo security expert.

To indicate how many times individuals accepted or denied a program is like playing with fire. Not all of us are security experts, and not all of us are familiar with every type of threat out there. Some people may just accept a program so as to stop receiving alerts when in fact they should have denied it. So to provide a statistic as to how many said yes, and how many said no is not enough information to  help make an informed decision. It would not be enough for me at least.

The question that needs to be asked is can we trust the source. I think before Threatcast is roled out as a permanent feature in CPFW, it should be made an option. Once, and if Comodo can determine that most people made the right decision, then it should be permanently implemented or always on.

Another way might be to just compile statistics of what people did, analyze the validity of their decisions, and then incorporate that to support or reinforce the security recommendation that the firewall makes in regards to what should programs should be blacklisted or whitelisted.

Josh123

  • Guest
Re: Threatcast - Option or Permanent Addition to Comodo Firewall
« Reply #6 on: March 22, 2008, 01:44:02 AM »
I also like the idea. It should be a permanent option, It will be great for Newbie users of CFP 3. I also like the alerts, But I don't get alert much since I am with "Train with safe mode" in Defense+, and its already learned my programs in past 2 weeks :-)

Josh.

Offline Blas

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 373
Re: Threatcast - Option or Permanent Addition to Comodo Firewall
« Reply #7 on: March 22, 2008, 03:28:48 AM »
I understand your concerns...
But the ThreatCast statistic is not the only thing you should rely on when answering an alert. Popups still contain the information that they did before TC also with the recommendation. It can be found under Security Considerations tab on the popup. TC is only there to help you decide if you are not sure. But it is not a guarantee.

Offline Dennis2

  • Awaiting Admin Approval Moderator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 7598
Re: Threatcast - Option or Permanent Addition to Comodo Firewall
« Reply #8 on: March 22, 2008, 05:24:43 AM »
I understand your concerns...
But the ThreatCast statistic is not the only thing you should rely on when answering an alert. Popups still contain the information that they did before TC also with the recommendation. It can be found under Security Considerations tab on the popup. TC is only there to help you decide if you are not sure. But it is not a guarantee.
It also is interesting to see what other people block, most of the alerts seem to follow a normal action in the majority of times.
Dennis
Moderator: Aims Forum a friendly place. Any concerns? Please PM me and/or review the Forum Policy 2012Updated.
System:Windows 7 SP1(UAC)x32,LUA, CIS7.0.4132Upgrade,Sandboxie4.08
Vista Home P.(UAC)x32 SP2, LUA, CIS.7.0.4132

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 13533
    • Video Blog
Re: Threatcast - Option or Permanent Addition to Comodo Firewall
« Reply #9 on: March 22, 2008, 09:28:49 AM »
Threatcast will be an optional item.

However, there will be much progress in ways in which the alerts will be more trusted. We have lots of ideas and this was our starting point...

There will be a huge amount of cool and funky stuff with this new infrastructure called ThreatCast! :)

Melih

Offline Dennis2

  • Awaiting Admin Approval Moderator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 7598
Re: Threatcast - Option or Permanent Addition to Comodo Firewall
« Reply #10 on: March 22, 2008, 10:02:37 AM »
Threatcast will be an optional item.

However, there will be much progress in ways in which the alerts will be more trusted. We have lots of ideas and this was our starting point...

There will be a huge amount of cool and funky stuff with this new infrastructure called ThreatCast! :)

Melih
Looking forward to the rest impressed so far :BNC
Dennis
Moderator: Aims Forum a friendly place. Any concerns? Please PM me and/or review the Forum Policy 2012Updated.
System:Windows 7 SP1(UAC)x32,LUA, CIS7.0.4132Upgrade,Sandboxie4.08
Vista Home P.(UAC)x32 SP2, LUA, CIS.7.0.4132

Offline 00hmh

  • Comodo Loves me
  • ****
  • Posts: 104
ATTENTION Melih
« Reply #11 on: March 22, 2008, 10:34:11 AM »
This thread seems to hit on such a good idea, that, given your attention to user needs, I suspect you guys must have already thought of it...

Here's the idea that I see emerging, that the threatcast statistics are valuable, even if based only on the user information that it embodies.  However, it is an EXCELLENT idea that the Comodo experts monitor responses.  You guys are very likely to spot the errors that users might make when things are not so obvious.

So for the unsophisticated user, trusting the majority of users would be reassuring and reliable.

But, for the "average" user, there are certain to be a few cases where mistaken action is a majority choice, or at least many people might go astray.

And in the case of some "tricky" alerts, and in the case of spyware, and other malware, even sophisticated users might make mistakes.

In that latter case it would be highly desirable for Comodo experts to review action and communicate to users, perhaps through a periodic report on the threatcast statistics pubished by email or on the website or as a threatcast feature.

sded

  • Guest
Re: Threatcast - Option or Permanent Addition to Comodo Firewall
« Reply #12 on: March 22, 2008, 11:35:31 AM »
"Agreeing with me doesn't make me right.  Disagreeing with me doesn't make me wrong"  I think using the raw statistics could cause some interesting conflicts between user classes, since understanding of "why" is missing.

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 13533
    • Video Blog
Re: ATTENTION Melih
« Reply #13 on: March 22, 2008, 05:25:24 PM »
This thread seems to hit on such a good idea, that, given your attention to user needs, I suspect you guys must have already thought of it...

Here's the idea that I see emerging, that the threatcast statistics are valuable, even if based only on the user information that it embodies.  However, it is an EXCELLENT idea that the Comodo experts monitor responses.  You guys are very likely to spot the errors that users might make when things are not so obvious.

So for the unsophisticated user, trusting the majority of users would be reassuring and reliable.

But, for the "average" user, there are certain to be a few cases where mistaken action is a majority choice, or at least many people might go astray.

And in the case of some "tricky" alerts, and in the case of spyware, and other malware, even sophisticated users might make mistakes.

In that latter case it would be highly desirable for Comodo experts to review action and communicate to users, perhaps through a periodic report on the threatcast statistics pubished by email or on the website or as a threatcast feature.

Indeed.. there will be many more ways to make sure the alerts are good :) wait and see... we are on it...

melih

Offline fhkh

  • Comodo Family Member
  • ***
  • Posts: 63
Re: Threatcast - Option or Permanent Addition to Comodo Firewall
« Reply #14 on: March 22, 2008, 11:09:36 PM »
You can stratify the response of the threadcast i.e. based on their competency.  In this example you can define several group during the threadcast registration.  When they register  they may put their status as example group 1 are expert user, group 2 are programmers, group 3 are common users etc.   You can define that group to the most suitable group from Comodo perspective.  Then we can see the statistic, don't forget to put the overall group result.

Good luck!  Keep the good work!

 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek